Archive for December, 2010
The internet has been buzzing with news of political change in the UK, where consumers are demanding US-like fines, regulations and notification rules regarding data breaches. Earlier this month Network World reported the Information Commissioner fined two organizations 160,000 pounds in two of their first fines for “serious” data breaches. Yet despite the new fines, consumers in the UK still want more protections and disclosure rules, so says 5,000 UK consumers in one survey.
If you have not read the Verizon 2010 Data Breach Investigations Report (a study conducted by the Verizon RISK Team in cooperation with the United States Secret Service), it is time to download and read this report and give it some attention. This report is comprehensive and is of great value for IT security specialists. The information is an eye-opener and guides management in the correct direction when trying to find the best solution to secure their IT infrastructure.
How much press will we have to endure on the significant problems created by WikiLeaks and the public lynching of those who perpetrate these leaks before we realize that if you give someone an inch (excessive admin rights) they will take a mile (misuse that privilege)?
Kevin Hickey, CEO of eEye Digital Security, addresses customers, partners, and prospects with a year-end review of 2010. First, he announces the launch of the new Retina CS 2.0 solution and covers what eEye promised at the beginning of the year and what they delivered, then introduces you to where the company is headed in…
The trial of a former Goldman Sachs programmer accused of stealing source code to take to a competitor has begun in somewhat of a public spectacle. The Wall Street Journal unveiled some particularly interesting details. For example, the programmer was one of the highest paid in the company with a $400,000 annual salary, but competitor Teza Technologies offered him over $1 million in total pay including a $700,000 bonus.
We’re used to the media getting side tracked by the content of data breach stories, rather than how they happened, as other posts here have regularly noted.
So you’ve decided to implement a privilege identity management solution because you’ve realized that a least privilege environment is a perfect way to eliminate the misuse of privilege from your corporation, help satisfy ever changing governance mandates and deliver on-demand reporting entitlement reports and keystroke logs to auditors when required.
Corporate governance ensures accountability across the extended enterprise. It facilitates staying competitive and satisfying ever changing government regulations while providing mechanisms and controls to reduce the inefficiencies that arise when individuals misuse privileges granted to them.